BugBountyNotes Forum & Commenting Rules

This page contains information relating to posting public content such as comments (on any of our features) and forum topic/posts. Failure to abide by these rules may result in your content being removed and at worst, your account.

  • Don't share any private information such as, but not limited to, private program names, working vulnerabilities, vulnerable endpoints, users private information

  • No racism or vulgar language. Racism will result in an instant ban, it is not tolerated at all.

  • No spamming.

  • Do not slander companies. Comments on program pages are for feedback only. Be professional when leaving feedback.

  • Do not share companies personal details unless they have stated you can do so. This includes personal & work emails of employees.

  • Do not share user/researcher personal details unless they have stated you can do so. Some like to remain private, respect that.


  • When asking for bug help


  • Do NOT share information giving everyone access to the vulnerable endpoint. You are okay to share something like: "Got a page (built in php) that is vulnerable to XSS but they're filtering stuff.. unable to bypass filter." and share details to what you have tried. Sharing "https://www.redacted.com/search?q= is vulnerable, but can't bypass filter" is NOT ok.

  • You may only ask for help on websites you have been given permission to test (ie they have a bugbounty program)

  • Do NOT ask for help on exploiting a bug maliciously, such as dumping database tables. Malicious users are not welcome here.

  • If a user has helped you and the program is on HackerOne, unless you have stated otherwise, please add them to the report as a collaborator. Be fair to others if they are helping you. Users found to taking advantage of others may have their topics reviewed before going live, or at worst, lose the ability to post for bug help.